docker-zulip
HOST Server with NGINX Reverse Proxy + Let's Encrypt + Zulip in a Container (without certificates). How to configure it with docker-compose?
I'm kind of new to Zulip and I'm trying to deploy it in a PRO env with docker-compose under these conditions:
- ZULIP Server: Zulip is deployed in a Docker container (inside a HOST server)
- REVERSE PROXY Web Server: NGINX on the host with a server redirecting to the Zulip server
- CERTIFICATES: Server domain on the host with Let's Encrypt certificates (not in the Zulip container)
With the information I've seen (mainly about reverse proxy and entrypoint.sh) I've set up my docker-compose.yaml file.
I don't know what I have to do to avoid both of the container's certificate generation methods (self-signed & certbot) and delegate security to the HOST server.
Any suggestions or hints?
Thanks in advance
When I execute the docker-compose command, I see that the servers Zulip is related to (postgresql, rabbitmq, memcached and redis) are apparently working OK.
This is the docker-compose content for the Zulip service:
```yaml
  # ...
  zulip:
    image: 'zulip/docker-zulip:3.1-0'
    build:
      context: .
      args:
        # Change these if you want to build zulip from a different repo/branch
        ZULIP_GIT_URL: https://github.com/zulip/zulip.git
        ZULIP_GIT_REF: 3.1
        # Set this up if you plan to use your own CA certificate bundle for building
        # CUSTOM_CA_CERTIFICATES:
    ports:
      - '5010:80'
      - '5011:443'
    env_file:
      - ./.env
    environment:
      SETTING_ZULIP_ADMINISTRATOR: '[email protected]'
      SETTING_EXTERNAL_HOST: 'zulip.example.es'
      SETTING_ALLOWED_HOSTS: "['zulip.example.es', 'localhost', '127.0.0.1']"
      SETTING_USE_X_FORWARDED_HOST: "True"
      SSL_CERTIFICATE_GENERATION: 'NO' # generated in HOST with Let's Encrypt
      DB_HOST: 'database'
      DB_HOST_PORT: '5432'
      DB_USER: 'zulip'
      SETTING_MEMCACHED_LOCATION: 'memcached:11211'
      SETTING_RABBITMQ_HOST: 'rabbitmq'
      SETTING_REDIS_HOST: 'redis'
      # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
      SETTING_EMAIL_HOST: 'mail.example.es' # e.g. smtp.example.com
      SETTING_EMAIL_HOST_USER: '[email protected]'
      SETTING_EMAIL_PORT: '587'
      # It seems that the email server needs to use ssl or tls and can't be used without it
      SETTING_EMAIL_USE_SSL: 'False'
      SETTING_EMAIL_USE_TLS: 'True'
      ZULIP_AUTH_BACKENDS: 'EmailAuthBackend'
      # Uncomment this when configuring the mobile push notifications service
      # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
    volumes:
      - '/opt/docker/zulip/zulip:/data:rw'
    ulimits:
      nofile:
        soft: 1000000
        hard: 1048576
```
Did you work this out? Here is what worked for me in environment variables. Then, I just pointed nginx at the container and all was good.
```yaml
DISABLE_HTTPS: 'True' # https://github.com/zulip/docker-zulip/issues/137
SSL_CERTIFICATE_GENERATION: 'self-signed'
```
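
A host-side nginx server block for the arrangement described in the reply above, as an added example that is not part of the original thread or the docker-zulip project. It assumes certbot's default certificate paths for `zulip.example.es` and that the container's HTTP port is published on loopback only (for instance `127.0.0.1:5010:80` instead of `5010:80`), because with `DISABLE_HTTPS` the hop between nginx and the container is unencrypted.

```nginx
# Added example; not from the thread or the docker-zulip project.
# Assumptions: certbot's default paths under /etc/letsencrypt/live/,
# and the container's port 80 reachable only at 127.0.0.1:5010.

server {
    listen 80;
    server_name zulip.example.es;

    # Plaintext requests are only ever redirected to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name zulip.example.es;

    # TLS terminates here, on the host; the container holds no real certificate.
    ssl_certificate     /etc/letsencrypt/live/zulip.example.es/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zulip.example.es/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The container runs with DISABLE_HTTPS: 'True', so it speaks plain HTTP.
        proxy_pass http://127.0.0.1:5010;

        # Pass the original host name so it matches SETTING_EXTERNAL_HOST
        # and SETTING_ALLOWED_HOSTS in the compose file.
        proxy_set_header Host $host;

        # Tell Zulip the client connection was HTTPS and where it came from.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Zulip's event delivery uses long-lived requests; do not buffer
        # responses or cut idle connections early.
        proxy_http_version 1.1;
        proxy_buffering    off;
        proxy_read_timeout 20m;
    }
}
```

Run `nginx -t` before reloading to confirm the certificate paths and syntax are valid on the host.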